Ericsson accelerates 5G for Enterprise with the acquisition of Cradlepoint Read More

CPSEC-20: NCM Account Automation assigns System Admin role to users on POD

January 18, 2019

Summary: NetCloud Manager (NCM) system administrator was been changed without notifying the client system administrator. A defect was released to production that allowed certain provisioning services to modify an existing account’s System Administrator to match the user listed as the ‘Shipping Contact’ on a Purchase Order processed by Operations.

Identified: Benjamin A. Fischer, Indiana Department of Transportation.

Mitigation: A code fix within Accounts Service and Provisioning Service were deployed to production. Provisioning Service would always check for the existence of an account before attempting to provision System Administrators or any account users. Accounts Service would never allow additional users to be created on existing accounts during the Order/Subscription provisioning flow.

Cradlepoint Support

Knowledge Article (Requires login to view article.)